jheysel-r7

54 exploits, active since Sep 2020
CVE-2023-48788 METASPLOIT CRITICAL ruby WORKING POC
Fortinet Forticlient Endpoint Management Server - SQL Injection
An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2 and FortiClientEMS 7.0.1 through 7.0.10 allows an attacker to execute unauthorized code or commands via specially crafted packets.
CVSS 9.8
CVE-2020-27955 METASPLOIT CRITICAL ruby WORKING POC
Git Remote Code Execution via git-lfs (CVE-2020-27955)
Git LFS 2.12.0 allows Remote Code Execution.
CVSS 9.8
CVE-2023-24955 METASPLOIT HIGH ruby WORKING POC
Microsoft SharePoint Server - Remote Code Execution
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVSS 7.2
CVE-2024-30038 METASPLOIT HIGH ruby WORKING POC
Windows 10 1507-22H2 and Windows 11 21H2-23H2 - Elevation of Privilege via Win32k Heap-based Buffer Overflow
Win32k Elevation of Privilege Vulnerability
CVSS 7.8
CVE-2024-35250 METASPLOIT HIGH ruby WORKING POC
Windows Kernel-Mode Driver - Privilege Escalation
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVSS 7.8
CVE-2023-28252 METASPLOIT HIGH ruby WORKING POC
Windows Common Log File System Driver - Heap-based Buffer Overflow
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVSS 7.8
CVE-2022-3699 METASPLOIT HIGH ruby WORKING POC
Lenovo Diagnostics < 4.45.0 and HardwareScan Plugin < 1.3.1.2 - Privilege Escalation via Out-of-bounds Write
A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo Diagnostics prior to version 4.45 that could allow a local user to execute code with elevated privileges.
CVSS 7.8
CVE-2026-24061 METASPLOIT CRITICAL ruby WORKING POC
GNU Inetutils Telnet Authentication Bypass Exploit CVE-2026-24061
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.
CVSS 9.8
CVE-2023-33012 METASPLOIT HIGH ruby WORKING POC
Zyxel USG/ATP/VPN Firmware 5.00-5.36 Patch 2 - Unauthenticated OS Command Injection via GRE Configuration
A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted GRE configuration when the cloud management mode is enabled.
CVSS 8.8
CVE-2024-27348 METASPLOIT CRITICAL ruby WORKING POC
Apache HugeGraph-Server - Remote Command Execution
RCE (Remote Command Execution) vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server from 1.0.0 before 1.3.0 in Java8 & Java11. Users are recommended to upgrade to version 1.3.0 with Java11 and enable the Auth system, which fixes the issue.
CVSS 9.8
CVE-2022-39952 METASPLOIT CRITICAL ruby WORKING POC
Fortinet FortiNAC keyUpload.jsp arbitrary file write
An external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via a specifically crafted HTTP request.
CVSS 9.8
CVE-2022-0824 METASPLOIT HIGH ruby WORKING POC
webmin < 1.990 - Improper Access Control to Remote Code Execution
Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990.
CVSS 8.8
CVE-2024-28397 METASPLOIT MEDIUM ruby WORKING POC
pyload-ng js2py - Remote Code Execution
An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call.
CVSS 5.3
CVE-2023-38035 METASPLOIT CRITICAL ruby WORKING POC
Ivanti Sentry MICSLogService Auth Bypass resulting in RCE (CVE-2023-38035)
A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.
CVSS 9.8
CVE-2022-22956 METASPLOIT CRITICAL ruby WORKING POC
VMware Workspace ONE Access - Authentication Bypass via OAuth2 ACS Framework
VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.
CVSS 9.8
CVE-2021-1499 METASPLOIT MEDIUM ruby WORKING POC
Cisco HyperFlex HX Data Platform unauthenticated file upload to RCE (CVE-2021-1499)
A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to upload files to an affected device. This vulnerability is due to missing authentication for the upload function. An attacker could exploit this vulnerability by sending a specific HTTP request to an affected device. A successful exploit could allow the attacker to upload files to the affected device with the permissions of the tomcat8 user.
CVSS 5.3
CVE-2023-4220 METASPLOIT HIGH ruby WORKING POC
Chamilo v1.11.24 Unrestricted File Upload PHP Webshell
Unrestricted file upload in the big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution by uploading a web shell.
CVSS 8.1
CVE-2023-47218 METASPLOIT MEDIUM ruby WORKING POC
QNAP QTS 5.1.0-5.1.5.2645 and QuTS hero h5.1.0-h5.1.5.2647 and QuTScloud c5.0.0.1919-c5.1.5.2651 - OS Command Injection
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later; QuTS hero h5.1.5.2647 build 20240118 and later; QuTScloud c5.1.5.2651 and later.
CVSS 5.8
CVE-2023-0315 METASPLOIT HIGH ruby WORKING POC
froxlor/froxlor <2.0.8 - Command Injection
Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8.
CVSS 8.8
CVE-2024-56145 METASPLOIT CRITICAL ruby WORKING POC
Craft CMS Twig Template Injection RCE via FTP Templates Path
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has `register_argc_argv` enabled. For these users an unspecified remote code execution vector is present. Users are advised to update to version 3.9.14, 4.13.2, or 5.5.2. Users unable to upgrade should disable `register_argc_argv` to mitigate the issue.
CVSS 9.8
CVE-2023-50386 METASPLOIT HIGH ruby WORKING POC
Apache Solr Backup/Restore APIs RCE
Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected versions, Solr ConfigSets accepted Java jar and class files to be uploaded through the ConfigSets API. When backing up Solr Collections, these configSet files would be saved to disk when using the LocalFileSystemRepository (the default for backups). If the backup was saved to a directory that Solr uses in its ClassPath/ClassLoaders, then the jar and class files would be available to use with any ConfigSet, trusted or untrusted. When Solr is run in a secure way (Authorization enabled), as is strongly suggested, this vulnerability is limited to extending the Backup permissions with the ability to add libraries. Users are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue. In these versions, the following protections have been added:
* Users are no longer able to upload files to a configSet that could be executed via a Java ClassLoader.
* The Backup API restricts saving backups to directories that are used in the ClassLoader.
CVSS 8.8
CVE-2023-26067 METASPLOIT HIGH ruby WORKING POC
Lexmark <2023-02-19 - Info Disclosure
Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4).
CVSS 8.1
CVE-2024-2961 METASPLOIT HIGH ruby WORKING POC
GNU C Library <2.39 - Buffer Overflow
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.
CVSS 7.3
CVE-2020-2038 METASPLOIT HIGH ruby WORKING POC
Palo Alto Networks Authenticated Remote Code Execution
An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 9.0 versions earlier than 9.0.10; PAN-OS 9.1 versions earlier than 9.1.4; PAN-OS 10.0 versions earlier than 10.0.1.
CVSS 7.2
CVE-2023-4911 METASPLOIT HIGH ruby WORKING POC
Glibc Tunables Privilege Escalation CVE-2023-4911 (aka Looney Tunables)
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
CVSS 7.8